socgholish | 373f5768b0f8d285f438db49935294881a52946ba4454ec783803ec3e69139d5

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af176d95fcbc4d9683f7750d42593669_JaffaCakes118.html
Size

218KB
MD5

af176d95fcbc4d9683f7750d42593669
SHA1

5c317cf34687d3a487d0a3834f4a973332943cb0
SHA256

373f5768b0f8d285f438db49935294881a52946ba4454ec783803ec3e69139d5
SHA512

d4429be840dd7a5c8a58db9aac966943ff6310dfca245b91b51d0cf240ff485a55c1014d25877181905deb2f533e94da7b8b272cde636851e75293c489aa45f1
SSDEEP

3072:7okclLFodthxh8S0ijgrrGVS2a4CeFMcRRBGgscnRyLBSdKBHCusR60lCqbuXFkp:8kclWyMS27PtX

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B8AE9A1-AE10-11EF-999E-E67A421F41DB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439018890"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2280	iexplore.exe
2280	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2772	2280	iexplore.exe	31
PID 2280 wrote to memory of 2772	2280	iexplore.exe	31
PID 2280 wrote to memory of 2772	2280	iexplore.exe	31
PID 2280 wrote to memory of 2772	2280	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\af176d95fcbc4d9683f7750d42593669_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
48b65b633e31c9b96e92183d62d9c02b

SHA1
12807085e66f28dd67b2b200bd997e91782e9cf5

SHA256
8a8f60f89f4b7834eec8eeee1a4b15249d34d3d2676d7c673a8a30b4bdc3a7ba

SHA512
a808b85e7305e8b7bd498d7ea808fdad8fa736cbfc0bd4bcc140628c779926a2d725bec3f04232f401407dc50930c65e1d9726af73f4da6103359d395387d672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
3632683aa5793c651981437c815781b5

SHA1
09b4a8a1cc25486fc41360f999204c2568ca7820

SHA256
d0ee02eec2aa9d2f056f92b5b5db0700b8d73968c3d306fea0f386adcc71bbf3

SHA512
d99ca839863ae9486376a2eae8e37a9f46f469c49d4a392a155681ae2fa2c0855338078b83537b8af4667ff61a44d23738a8611e962fdc32a7385951bb4ba892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bff0507a33cb3a832d92e6ed89c9903a

SHA1
7f20ecb66290cd934760401e6fbad0de76593be8

SHA256
24b6174d880e438056eafa579ec29f0cac5e188ed7e35d4f3d875e69456d4716

SHA512
468f48d9f74b06473652e4b60cfbf6a9a468dcf09a327e09cd67240aa41fb27a73cf39432e482de4ed0ab11cb16337c2906a304b3ec704e204c1f1a10c71014b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a752d37803c5d34acea6589c311e33b8

SHA1
1246b9d988a3d1b45b8925b38f12025a9b688845

SHA256
96b1d2bc6924b8c6ee392676606ac774f80031f8f28bf9c2584d7336592ed688

SHA512
e189fbc38513b06e25fef79aaa0a4fa78eb1d37768b12a61b38bf211e9d387c18c01018fd176cd4f99ab16fcafb4aeb09601bef1968cd2ea28192261f262954e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28076a2a7b2d5d92ad85988eaeb25814

SHA1
149a33ab1728ef454ded6e5f62c3094833f339ce

SHA256
4ef3101659164c78df1578e21f0ea3d3f1940cdd53f665a4d894c7fef5b2e832

SHA512
e4bc2a3152d06396b115737ff0a07cc1aca562c4569119c5db9c3efe8f41ac47e00392df17b87d40d774170c3c483b4df5c09940d868afbd65f2ff39c90f9e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
869d1143c25caccd824bfc8e658bd6fa

SHA1
3b8d722659cff3ef0bcae713756defa80e7dc956

SHA256
a9c6c92916cd5f3876d4931ff4509eb00ff495af2dfadd21ea4672bfa9cd262a

SHA512
213deba9e23accedb6edb7996921a43b10b7faa231d7f20803631cb866ca052470466769ea2db20a7af3891b0701b8993516c9adc5452a946de036300e7f64a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191e06c9eb00c9269a50f2def1c51d27

SHA1
764252ab9781a2000b87cabf871f551f52bb238b

SHA256
ec2a1146a3bbbdf2619a6404b38af17e28f3c02b821dfd1e87965a1fdf8898a7

SHA512
c0697b67df952e0d470e55f8018666900cd6e99553f5dfabe6d83a19dfdbf91dfcdf55cd17884335a038a9ab72c0f8be629a71538a08ff1594dad371b1e53136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1c706743920948017228dc508b907bd

SHA1
e587fba99288028bc3ed03c0cab950bc797ca69d

SHA256
841bd86bb78268ca3241792f9f7e990528c599d89c35b3fad2a4ff9a7393a9b2

SHA512
226ea21830c9c11949ce4f5a3efcb34fe9deb7015ecb3c023ecd940f711798a6ff7702397ce212b577ef5fe3160d7b26a7ba35e1a6036e9ad163f5b191342f92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3381b9cfba0dacd4e763bc7e4419037

SHA1
5d9bf29a8f746c67d8ebad5aef622a7babf552cf

SHA256
9a4f665fa8cf5f3d447ed374a9a2f197ed43a1478024c26e6f0c3e4b9b541afa

SHA512
7f4b4e48125865716a65660a2e8179a24cd58ecc05f327d9d46a6f2062d9df8fc1486faaa53b5c7c8df56b6952da304ba8e1bde7d2f5b9703c33d249171b0117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e991aa7469054d1613e481a38c06d05c

SHA1
979121a0f24031bcbd59baab491d19efcb2f5b28

SHA256
e282f6fd503d0ef50e5f9cbc2b0ed4cd07946b6076a38f192755e4fb58fbcb45

SHA512
993e8e797d4493926f5879110c2b74c8fc48c714dc61de75418d35af2ab0025a29894b6ea1753a914e1298c7a79ce3cb3b99eac4f97d5c5d6f2a779eae44a1a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a3fb1be415179f66fe2231b9fb1fbbb

SHA1
d12ab31bc0de7be38914ea7ca48ec49dc4d5bf7c

SHA256
4141f073a9e4319c87474d4f7f0fed0663a0c5b252eb6c2f6c0ab3671eb7e60d

SHA512
dab4e2c46371dd48ee9c4701cc373eb1d56b9fff8a4a3251311a4131dc04fa9a0575708be2253d5ecb6dcb579b58ef292580f2bceb997ddc6dfa192699154b0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb3c87b8082718bf434fa83b85233689

SHA1
2323e680e8f2c4c10f8b3368b46e705d11fe096e

SHA256
92df81ee1f8cd31706a8f4f744146f337a7d2aa67da4dfb5d0c4b7678fd215ba

SHA512
2f3c277352f75003751193c546304d3b6d7c98644e7513e23c2d432f8c205481c1edf1c29ac79cb207fad4e3195851eb5a1ec75177c60d76befa43443862d1b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bee9bf73340d5df6c5ee179d23f7da70

SHA1
7f3e911316b1d6ec28123527a29b822c12462cd3

SHA256
7c5f7ec28533e22c9f7acb647ef86f5cb42320e6a8b618c7a10325aadd874df3

SHA512
8a61f8fa5da444bdf1716055c8939af8350de2e1aacd8dcdc125a4c7c1333ad17b949bb4c4bb6ff6588f138adcd6080f1afd104a3bece93a2eb59d30a1aa04dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d6faa1c3d81bf62e7d22c52fdb4679e

SHA1
0503d4274cbd4c4381e8184b342884ec77367a71

SHA256
3790ebc32238f651c833a952eb245ac5d95256f6886218ae0724262e6222683f

SHA512
3343dff28b001e7bd6e2ee4c4081010d7e069cb229707e7756b5bcebb7d5b582beb7e468cf80220dc6efa2e8263286ac6285645562a836508842a2594bb9294c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f68f7c35e8f2becc2e93aa2e941bff95

SHA1
83d87ef788049a7bf9eee98fa145244a8037532f

SHA256
ecb2ea5112d0fb19ca7e97bec0f29d12d56f34fd01cfda22026b5148d9880461

SHA512
6f6182d0f8c948bbee45b471ee8ff25f92eba4106adb6bc53d98b391f88deac3a7b6debcba67f743d386f9ed1e22b9dbd46f98c27f41d6423370863b4a5675a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE7F1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE89F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit